Too many open ports!
Ok, got a slightly new question with Slack 9, I have been using it regularly for about 4 months now, it runs a web server, an ftp server, sshd, and telnet, also trying to compile a muck but having some strange issues with that.
Anyway. I am well aware that we are in the middle of a hacker war right now and that every hacker worth their salt is trying to hack as many systems as it can. So far mine seems to be running fine and hasn't been broken...the idiots keep trying to kill my cmd.exe file :p and of course the usual attacks from Code Red.
Well, I did an nmap on my server with a -v and -O to test its security and got back a nice 1,638,943 (Good Luck!) guess, but I did note that there are quite a few open ports:
21-ftp 22-ssh 23-telnet 25-smtp 37-time 79-finger 80-httpd 111-sunrpc 113-auth 515-printer 587-submission
All I really need open is ftp, ssh, and httpd. Any suggestions on how to close those ports? And to be honest, I don't even know what the other ports (sans printer) are for. What needs to be done to kill these ports?
Thanks!
~Neo~ |
/etc/initd.conf
|
I have already edited the inetd.conf file and commented out those programs that are unnecessary, but all that alleviated were telnet and finger...I still have sunrpc, auth, printer, time, and submission...any ideas on those?
|
I think you need to look at rc.inet2 for RPC
Services are started from /etc/rc.d - I think if you are running a server you need to read every file in here that has exec permissions so that you know how your system works. There is also a security section on this site. There is no escape, you have to read up on the subject. Have you got a firewall running?
regards, tobyl |
/etc/rc.inet1
/etc/rc.inet2 /etc/rc.whatever i did this like 2 days ago. the answer is in the /etc/rc.d directory, trust me. |
If you can't find the place in /etc/rc.d you can also use iptables to shut them down. Something like:
iptables -A INPUT -p tcp --dport 111 -j DROP
iptables -A INPUT -p udp --dport 111 -j DROP
And head over to the Security forum and read unSpawn's sticky posts at the top. There is TONS of good info on how to secure your box there. |
i had experienced the same problems as ne21, but now that i've got a firewall up i can't see these services when nmapping. i am under the impression that they're still running, but i would like to completely shut the services off.
the suggestions to edit the files /etc/inetd.conf, /etc/rc.d/rc.inet1 and rc.inet2 seem like the right thing to do, but i tried this b4 i put up my firewall and got no results for the services listed by ne21. anybody got an explanation for why after editing out any reference to these services in the aforementioned files these services still persist? then again, maybe i'm being an idiot... |
Well, the simple explanation is that you didn't shut down the services or reboot once you had edited out the offending portions of the rc.d scripts. The more complicated answer is that you didn't edit out the proper portions of the script to begin with and the service is still starting.
It is good that you've got the ports closed with iptables, but you are right that having nothing listening at those ports in the first place is an even better thing. Why do you think that services are still running? Does netstat -l still show them even after you've shut them down? |
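Added example, not part of any post in this thread: one way to run the netstat check suggested above, comparing what is listening against the three services the original poster wants to keep (ftp, ssh, httpd). The function name, the ALLOWED variable and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Ports that are meant to stay open: ftp, ssh, httpd (from the first post).
ALLOWED="21 22 80"

# Constructed sample of `netstat -tuln` output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF
}

# Read netstat -tuln output on stdin and print "proto/port scope" for every
# listening TCP socket or bound UDP socket whose port is not in ALLOWED.
# scope is "loopback-only" when bound to 127.x or ::1, otherwise "reachable".
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      if ($1 ~ /^tcp/ && $NF != "LISTEN") next    # ignore non-listening TCP
      port = $4; sub(/.*:/, "", port)             # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)         # text before the last colon
      if (port in ok) next
      scope = (host ~ /^127\./ || host == "::1") ? "loopback-only" : "reachable"
      print $1 "/" port, scope
    }' | LC_ALL=C sort -u
}

# Demo on the constructed sample. On a live host, run instead:
#   netstat -tuln | unexpected_listeners
sample_netstat | unexpected_listeners
```

Anything still printed after editing inetd.conf and the rc.d scripts is a service that was not stopped or restarted; a port hidden only by an iptables DROP rule will still appear here because the daemon is still bound to it.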
What kind of connections do you guys have?
|
auth and time are in /etc/inetd.conf
Comment out and then
# kill -HUP <pid of inetd> |
Okay, I edited out some of the stuff in the inetd.conf, the rc.inet1 and rc.inet2, but I still have those annoying printer and submission ports, as well as sunrpc. I can't seem to find anything else in those files to edit that might control these things.
I did some reading in the security section and tried a few things such as messing with those bloody tcp wrappers (can't figure out a bit of them) and some others, and now my security ranking actually went down via nmap...ergh frustration setting in. Anyone else have some ideas about those ports or should I maybe post something about this in the Security forum? |
I would check this web page; it may be what you need.
http://jetblackz.freeservers.com/Con...ackware90.html |
That is a very good site, windsorjax.
I think many people could learn from it, myself included.
tobyl |
I totally agree with tobyl. This site you gave rocks, I have been on it for quite a bit, just haven't gotten through the whole thing yet. I will though, major props to you windsorjax!
|
I wish I could take credit for it. It has been a real help to me. Salute jetblackz, whoever they are; they are truly a jewel to have done that much work for the Linux community. http://jetblackz.freeservers.com/
|